The cyber environment is filled with threats. It’s virtually impossible to avoid “INFRASTRUCTURE FACES IMMINENT CYBER ATTACK,” or something very similar every time you encounter online or television news. Nobody argues that there’s no threat. At the same time few people, much less experts, agree on how to solve the threat.

Let’s go a step beyond acknowledging our infrastructure is in danger. How do we quantify the threat and our preparation to respond? How do you, our nation’s cybersecurity professionals, assess the readiness and agility of an organization, and more importantly how do you describe the threat and defense landscape to people outside the profession?